Overview

overview

10

Static

static

10

1344-95-0x...ry.exe

windows7-x64

1344-95-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    1344-95-0x0000000000400000-0x0000000000472000-memory.dmp

  • Size

    456KB

  • MD5

    4050d8e85cefd27489314c8467a8b157

  • SHA1

    993a536765dad14fc3a698f613e0da75c62a8451

  • SHA256

    83144c456b064741e7014ad8776061ab23418c43397b3cd7b4e1d09acb3555d0

  • SHA512

    e5abb04c3ce03e5f78bac91791b4be3a98d2b3930a24793301a11aa02354ceab576b805aee2627f662658ab9c52f899592ce3dad5d60d65c863364b9eb2b258a

  • SSDEEP

    6144:N8uAQwwDpyexff3jgmImbcE3sstvLGyELbMUTKZQt:uuAQwwDpyejBImbGSiyyjK

Score
10/10
agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.ercolina-usa.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    &G5NO0lmThIO

Signatures

  • Agenttesla family
    agenttesla
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1344-95-0x0000000000400000-0x0000000000472000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections